Pluggable security device

ABSTRACT

A pluggable security device for protecting an electronic device, such as a laptop, is disclosed. The pluggable security device has a battery, a siren, and an optional accelerometer. The security device is triggered by unplugging from the electronic device, or by sensing acceleration, or by disconnecting the electronic device from AC power or from a network. Once the security device is triggered and its internal siren is activated, it can only be deactivated by reinserting the pluggable security device into the electronic device it has been disconnected from and by entering a password in the electronic device.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present invention claims priority from U.S. provisional patent application No. 61/300,528 filed Feb. 2, 2010, which is incorporated herein by reference.

TECHNICAL FIELD

The present invention relates to security devices, and in particular to security devices pluggable into electronic devices, for protecting the electronic devices from unauthorized use, tampering, or theft.

BACKGROUND OF THE INVENTION

Personal computers are commonly used in work environments where an operator is not always present. A computer store, a computer equipped laboratory or a conference room, and an Internet café are examples of such environments. Mobile workers and consultants frequently travel with personal computers, taking them to public places. Personal computers, in particular laptop computers, pose an opportunity for theft of high value assets. Because laptop computers are relatively easy to carry and resell, they are one of the most frequently stolen articles.

According to studies conducted over the years, computer data is rarely backed up or encrypted as often as a good practice would require. Consequently, when a theft occurs, considerable amounts of work and private information are left in hands of unauthorized parties. The theft of personal computers results in loss of data and productivity. Furthermore, the user's private information left in hands of unauthorized parties can result in an identity theft, as well. Nowadays, regulatory compliance dictates severe penalties to corporations and their directors for the unintentional disclosure of private or confidential information. Personal banking, shopping, and personal communication is commonly done using personal computers. Thus, an identity theft can result in very serious consequences for the owner of a stolen computer.

The current security solutions for laptop computers and other portable electronic devices can be categorized into “physical”, “phone-home”, and “alarm” security solutions. Most commercially available security products fall into one of these three categories.

Physical security products are designed to connect the device being protected to a static object, or to a heavy, difficult to carry object. These products include locks, locks with tension alarms, or glue pads. The effectiveness of these security products is limited to the strength of the materials used for device attachment, and typically can only offer a limited protection. In many cases, the exertion of minor to moderate force can easily disengage the lock type devices from the anchor hole in notebook computers. Where glue pads are used, the electronic device is affixed to the desk making it a semi-permanent installation, and rendering the electronic device not portable.

“Phone-home” security solutions employ a difficult to remove embedded software that will “ping” home the next time the stolen electronic device is connected to the Internet or a phone line. However, it could be weeks before the device is resold and connected to the Internet. The stolen device could have already been moved to a faraway location, and the data that were stored by the storage device such as a hard drive could have already been erased or copied by the wrongdoer. As a result, the effectiveness of these types of solutions in preserving the data and the work done is quite limited.

“Alarm” security products are constructed to prevent a theft of an asset by sounding a loud alarm signal during an attempted theft, for example when the asset is moved. They are similar to car alarm systems equipped with electronic switches and motion sensors.

In U.S. Pat. No. 5,317,304, which is incorporated herein by reference, Choi discloses a security system for preventing computer theft. The security system of Choi has a microprocessor controlled alarm sensor connected to motion and contact sensors. It has a key pad, a display, and a siren for sounding an alarm. The motion sensor is a mercury switch or a piezo sensor. The security system of Choi does not interact with the host computer, the theft of which it is intended to prevent, and is similar to a home intrusion security system. Disadvantageously, the security system of Choi is rather bulky. It requires a physical attachment to the host computer.

In U.S. Pat. No. 6,147,603, which is incorporated herein by reference, Rand discloses an anti-theft system that uses a customized Universal Serial Bus (USB) cable with an integrated security circuit to monitor removal or loss of the USB connection to a host monitoring system. When the USB connection is lost, an alarm is activated. This system is limited to use in environments where a centralized monitoring system can be deployed, such as a retail showroom or an office.

In U.S. Pat. No. 7,068,168, which is incorporated herein by reference, Girshovich et al. disclose an anti-theft system for protecting computers and other high-value assets from theft. The system of Girshovich et al. has a wireless transmitter device integrated into the asset to be protected. When a theft is detected, the transmitter is activated and sends a signal to a receiver, which in turn activates an alarm. Disadvantageously, the security system of Girshovich et al. requires a physical integration with the asset to be protected.

In U.S. Pat. Nos. 7,026,933 and 7,135,971, which are incorporated herein by reference, Kim discloses an anti-theft security device connectable to a USB port of a portable computer. The Kim device has a motion detector and an alarm sub-system which can be triggered by motion or by unplugging the device from the host computer. The Kim device is controlled by a remote wireless controller. Disadvantageously, the remote wireless controller represents a substantial security concern. Indeed, signals from the remote wireless controller can be intercepted and emulated to deactivate the alarm devices; or the wireless controller itself can be stolen. Furthermore, the Kim device is permanently affixed to a cover of the device being protected.

In U.S. Pat. No. 7,305,714, which is incorporated herein by reference, Hamaguchi et al. disclose a USB pluggable anti-theft device including a microprocessor controlled accelerometer and a siren for sounding an alarm. The device of Hamaguchi et al. continuously senses acceleration and temperature, providing both visual and audible alert signals upon triggering by either acceleration or temperature exceeding preset thresholds. Disadvantageously, the device of Hamaguchi et al. is completely deactivated by disconnection from the host device it is plugged into. The controller software is automatically uninstalled once the device of Hamaguchi et al. is disconnected from the host computer.

The prior art is lacking a security device that would be versatile and reliable, easy to install and uninstall, while providing a high degree of protection against unauthorized access or theft.

The ease of use of a security device is nearly as important as the degree of protection that is offered by the device. If the security device is cumbersome or troublesome to use, it may not be used in actual practice, so that the computer it is intended to protect will lack any protection. Accordingly, it is a goal of the present invention to provide a security device that would be simple to install and use while providing a high degree of protection against theft and/or loss of data.

SUMMARY OF THE INVENTION

In accordance with the invention there is provided a pluggable security device for protecting an electronic device, comprising:

a tamper-resistant enclosure;

a connector for plugging the security device to the electronic device;

an alarm sound source for producing an audible alarm sound;

a battery for providing electrical power to the pluggable security device; and

a microprocessor unit (MPU) for controlling the pluggable security device;

wherein the alarm sound source, the battery, and the MPU are disposed within the enclosure;

wherein the MPU is configured to generate an alarm including activating the alarm sound source, in response to a first alarm triggering event; and

wherein the MPU includes a non-volatile memory unit for storing device operational policies and/or configuration settings.

Preferably, the pluggable security device has an accelerometer for sensing acceleration, disposed within the enclosure, wherein the connector is rigidly attached to the enclosure, and wherein the first alarm triggering event includes the acceleration sensed by the accelerometer exceeding an acceleration threshold. Further, preferably, the acceleration threshold is adjustable by a user.

Further, preferably, the tamper-resistant enclosure is absent any user-accessible controls. Thus, the security device of the invention provides all the security features therein, including the device operational policies and configuration settings, which greatly reduces any possibility of tampering or unauthorized disabling of the security system.

The control software, once installed, causes the electronic device and/or the security device to be responsive to a second alarm triggering event, which may include unplugging of the security device from the electronic device, switching the electronic device from an external power source to an internal battery, a failed user authentication attempt or a pre-defined number of failed authentication attempts, and unplugging the electronic device from a network. The response of the electronic device may include sounding an audible alarm by the alarm sound source of the pluggable security device, sounding an audible alarm by the electronic device, locking the electronic device, and dismounting encrypted data storage devices. In this context, the terms “first” and “second” are not intended to denote an order of occurrence of the events. Rather, they are simply name identifiers.

In accordance with another aspect of the invention there is further provided a security system comprising the pluggable security device and a security server connected to the electronic device through a network, wherein the security server is configured to be responsive to disconnecting the electronic device from the network, by sending an electronic message to a user and/or a manager of the electronic device.

The alarm can be tripped by any of the following events: sensing acceleration above the pre-defined threshold, detecting unplugging of the pluggable security device from the electronic device, detecting disconnection of the electronic device from a network, detecting a failed authentication attempt, and/or detecting switching of the electronic device from an external power source to an internal power source. The reaction to an alarm triggering event may include sounding an alarm in the pluggable security device and/or sounding an alarm in the electronic device, triggering data encryption in the electronic device, locking the electronic device, and/or sending, from a dedicated server connected through a network to the electronic device, a message to a user and/or a manager of the electronic device. Preferably, the triggering events and reactions are a part of a user definable policy that is appropriate to a particular use of the pluggable security device and may include any combination of the above stated alarm triggering events and/or alarm actions.

In accordance with yet another aspect of the invention there is further provided a method of protecting an electronic device, comprising:

(a) providing the pluggable security device;

(b) plugging the security device into the electronic device; and

(c) activating the security device to be responsive to an alarm triggering event.

BRIEF DESCRIPTION OF THE DRAWINGS

Exemplary embodiments will now be described in conjunction with the drawings in which:

FIG. 1 is a diagrammatic view of a security system of the present invention for protecting an electronic device from tampering or theft;

FIG. 2 is a block diagram of the pluggable security device shown in FIG. 1;

FIG. 3 is a block diagram of the security device of FIG. 1 plugged into the electronic device of FIG. 1;

FIG. 4 is a block diagram of a security system having a dedicated security server connected to a network;

FIG. 5 is a diagram of states of the security systems of FIG. 4 and FIG. 1;

FIG. 6 is a flow chart of a security monitoring process run by the security system of FIG. 4;

FIG. 7 is a block diagram of a disarming process in the security system of FIG. 1 or FIG. 4; and

FIG. 8 is a block diagram of an alarm policy according to the invention.

DETAILED DESCRIPTION OF THE INVENTION

While the present teachings are described in conjunction with various embodiments and examples, it is not intended that the present teachings be limited to such embodiments. On the contrary, the present teachings encompass various alternatives, modifications and equivalents, as will be appreciated by those of skill in the art.

A security system of the present invention is comprised of three interacting components: the hardware, the software, and the policy. All three are described in detail below, in the same order.

The Hardware

Referring to FIG. 1, a security system 100 of the present invention is shown. The security system 100 is operable to protect an electronic device 104 such as a laptop computer. The security system 100 has a security device 101 plugged into the electronic device 104, and a control software 102 installed in the electronic device 104. The pluggable security device 101 has an alarm sound source, not shown in FIG. 1, for producing an audible alarm sound 103 upon triggering an alarm. The alarm can be triggered by an optional internal accelerometer, not shown, by unplugging of the security device 101 from the electronic device 104, by switching the electronic device from an external power line 107 to an internal battery 108, by failing user authentication at the electronic device 104, or by unplugging a network cable 105 connecting the electronic device 104 to a network 106. In the embodiment shown, the security device 101 and the electronic device 104 are connected using a Universal Serial Bus (USB) connector 109. The USB connector 109 of the pluggable security device 101 is rigidly attached to a tamper-resistant enclosure 112. The term “rigidly attached” is meant to denote an attachment that mechanically couples the security device 101 and the electronic device 104, so that the optional accelerometer disposed in the security device 101 can sense the acceleration or movement of the electronic device 104. Preferably, the tamper-resistant enclosure 112 comprises a water resistant, reinforced crush-proof structure that inhibits interruption of the siren tone 103 by attempts of physical destruction. The dome construction of the siren's sound chamber, baffles and optimized siren tone make obfuscating the siren sound 103 difficult.

The control software 102 is downloaded from a suitable source, such as an optical disk or a remote secure FTP server, and installed in the electronic device 104. Once the installation is finished, the control software 102 is activated, at which point both the security device 101 and control software 102 can be configured. The security system 100 can then be armed to become responsive to some, or all, of the above mentioned alarm triggering events. Once an alarm triggering event is detected by either the security device 101 or by the control software 102, the triggering event is communicated across the USB connector 109, as illustrated by arrows 110 and 111, so that the alarm signals in both the security device 101 and the electronic device 104 can be sounded simultaneously. Preferably, the tamper-resistant enclosure 112 of the security device 101 has no user-accessible controls on its outer surface, so that the only way to control the security device 101 is through the control software 102. This arrangement makes any tampering with the security system 100 very difficult.

Referring now to FIG. 2, a block diagram of the pluggable security device 101 is shown. Disposed within the enclosure 112 are a siren 202 for producing the alarm sound 103, an audio driver 203 for driving the siren 202, a battery 204 for providing electrical power to the security device 101, a microprocessor unit (MPU) 206 for controlling the security device 101, and an accelerometer 208 for sensing acceleration. The MPU 206 has a processor 210, an analog to digital (A/D) and digital to analog (D/A) converter 212, an input/output (I/O) bus 214, a non-volatile memory unit 216 containing the alarm policy and the configuration settings, a RAM unit 218, and a USB interface 220. Herein, the term “non-volatile memory unit” is taken to mean a memory unit that does not require a power source to maintain its contents, such as a flash memory unit. The alarm triggering conditions containing a list of events that cause triggering of the security device 101 are symbolically shown at 222.

In operation, the security device 101 is plugged into the electronic device 104, and the control software 102 is downloaded by the user from an external carrier to the electronic device 104. After the control software 102 is installed in the electronic device 104, various operation parameters of the security device 101 can be set by the user using a data input device of the electronic device 104, such as a keyboard, for example. After this, the electronic device 101 can be armed to be responsive to the alarm triggering conditions 222. More details on the operational states of the security system 100 will be provided below, in a section entitled “The Software”.

Once armed, the electronic device 101 begins to monitor the acceleration signal provided by the accelerometer 208 and digitized by the A/D D/A converter 212. When the acceleration sensed by the accelerometer 208 exceeds a pre-defined threshold, the processor 210 provides a control signal to the audio driver 203, which energizes the siren 202 to emit the alarm sound 103. Preferably, the acceleration threshold is adjustable by a user of the electronic device 104. The processor 210 also sends a trigger signal to the control software 102 to trigger the alarm sound by the electronic device 104.

The acceleration threshold can be also adjusted based on a “test handling” of the electronic device 104, by using the accelerometer 208 of the security device 101 to measure the acceleration during the “test handling” and setting the acceleration threshold accordingly. Following is a succession of steps required to set the acceleration threshold:

(a) plugging the security device 101 into the electronic device 104;

(b) handling the electronic device 104;

(c) while performing step (b), using the accelerometer 208 to measure a magnitude of acceleration of the security device 101; and

(d) adjusting the acceleration threshold to be equal to or above a maximum amplitude of acceleration measured in step (c).
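Steps (c) and (d) can be carried out in firmware as in the following added example, which is not code from the patent. It assumes signed 16-bit three-axis samples and compares squared magnitudes so that no square root is needed; the type, function, and sample names are hypothetical and the sample values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One raw three-axis accelerometer reading (assumed format: signed counts). */
typedef struct { int16_t x, y, z; } accel_sample_t;

/* Squared magnitude of a reading. Each squared axis is at most 2^30, so the
 * sum of three fits an unsigned 32-bit value but not a signed one. */
uint32_t accel_mag_sq(accel_sample_t s)
{
    int32_t x = s.x, y = s.y, z = s.z;
    return (uint32_t)(x * x) + (uint32_t)(y * y) + (uint32_t)(z * z);
}

/* Steps (c) and (d): the threshold is the largest squared magnitude seen
 * during test handling. Returns 0 for an empty capture; the caller should
 * treat 0 as "no data" and keep the previous threshold. */
uint32_t calibrate_threshold_sq(const accel_sample_t *capture, size_t n)
{
    uint32_t max = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t m = accel_mag_sq(capture[i]);
        if (m > max)
            max = m;
    }
    return max;
}

/* Armed-state check: trigger only when the threshold is exceeded, so the
 * handling recorded during calibration never trips the alarm. */
int accel_exceeds(accel_sample_t s, uint32_t threshold_sq)
{
    return accel_mag_sq(s) > threshold_sq;
}

/* Constructed sample data. */
const accel_sample_t HANDLING_CAPTURE[] = {
    { 100, -50, 1000 }, { 300, 200, 1100 }, { -150, 80, 990 }
};
const accel_sample_t SNATCH     = { 2000, 0, 1000 };
const accel_sample_t FULL_SCALE = { INT16_MIN, INT16_MIN, INT16_MIN };

int main(void)
{
    uint32_t thr = calibrate_threshold_sq(HANDLING_CAPTURE, 3);
    printf("threshold^2 = %lu\n", (unsigned long)thr);
    printf("handling sample triggers: %d\n", accel_exceeds(HANDLING_CAPTURE[1], thr));
    printf("snatch sample triggers:   %d\n", accel_exceeds(SNATCH, thr));
    return 0;
}
```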

Turning to FIG. 3, a block diagram of the security device 101 plugged into the electronic device 104 is shown. The electronic device 104 has a central processing unit (CPU) 310, system RAM 318, a speaker 302, an I/O bus 314, and a USB connector 309. The system RAM 318 hosts the active control software 102 and a device driver 102A. The control software 102 is configured to cause the electronic device 104 to be responsive to alarm triggering events shown symbolically at 320.

The alarm triggering events 320 include sensing an acceleration above the threshold, unplugging the security device 101 from the electronic device 104, switching the electronic device 104 from the external power line 107 to the internal battery 108, a failed user authentication attempt, or unplugging the electronic device 104 from the network 106. When at least one of the alarm triggering events 320 is detected, the control software 102 causes the CPU 310 to perform a number of actions referred to herein as alarm responses, or alarm reactions, such as: sounding a loud alarm signal from the speaker 302; locking the electronic device 104, for example locking the mouse pointer and opening a password entering window; and/or dismounting encrypted data storage devices of the electronic device 104.

Furthermore, upon detecting one or more of the triggering events 320, the control software 102 instructs the CPU 310 to send a message through the USB connectors 309, 109 to the MPU 206 of the security device 101, causing the MPU 206 to react by activating the siren 202. A box 222A symbolizes an area of RAM 218 of the MPU 206 containing commands to interpret messages from the electronic device 104 as well as to compare measured acceleration to a pre-defined threshold.

When the acceleration sensed by the accelerometer 208 of the security device 101 exceeds the pre-defined threshold, the processor 210 not only activates the siren 202, but also sends a message through the USB connectors 109, 309 to the CPU 310 of the electronic device 104, which performs the alarm responses as defined by the control software 102. The USB communication channel of the pluggable security device 101 affords the bidirectional communication between the electronic device 104 and the pluggable security device 101, to communicate activation state, as well as trigger state information, between the security device 101 and the electronic device 104.

The battery 204 is preferably a rechargeable lithium ion battery having a nominal voltage of 3V. The voltage on the lithium battery powers all electronics of the security device 101 and the siren 202, whether the USB 5V power source is present or not. In operation, the processor 210 detects the unplugging of the security device 101 from the electronic device 104 by detecting the absence of the 5V USB bus voltage.

Although it might seem convenient to construct the security device 101 so that the firmware of pluggable security device 101 can be updated from the electronic device 104, this is not recommended for security reasons. Instead, in-circuit reprogramming is preferably used. This would greatly simplify the overall software complexity and not introduce a new security weak point. To update the firmware of the pluggable security device 101 using in-circuit reprogramming, the case 112 has to be removed and an appropriate programming fixture attached. It is very difficult to do this in an already armed system. Furthermore, according to the present invention, an alarm triggering condition can include connecting to a programming port of the pluggable security device 101 (not shown) while in an armed state.

Turning now to FIG. 4, a security system 400 is shown having the pluggable security device 101, the control software 102 installed to the electronic device 104 connected to the network 106 with the network cable 105, and a security server 401 connected to the network 106 with a cable 405. In operation, the security server 401 establishes a connection with the electronic device 104 through the network 106. The security server 401 periodically “pings” the electronic device 104 by sending “keep-alive” packets 402 which are returned by the electronic device 104 back to the security server 401. When the electronic device 104 is disconnected from the network 106, or is rendered unresponsive in any other way, the security server 401 can no longer receive back the keep-alive packets 402. As soon as the security server 401 does not receive one or more keep-alive packets 402, it sends a message to a user 403 of the electronic device 104, by sending at least one of a Simple Mail Transfer Protocol (SMTP) message 411, a Short Message Service (SMS) message 412, a Simple Network Management Protocol (SNMP) alert 413, an e-mail 415, or by making a phone call 414. This provides an additional layer of security.
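The server-side keep-alive bookkeeping described above can look like the following added example, which is not code from the patent. The number of unanswered keep-alives tolerated before alerting is an assumed setting, the names are hypothetical, and the traces are constructed; the alert is raised once per outage and re-armed when the device answers again.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint32_t max_missed;  /* unanswered keep-alives tolerated (assumed setting) */
    uint32_t missed;      /* consecutive keep-alives that did not come back */
    bool     awaiting;    /* the last keep-alive sent is still outstanding */
    bool     alerted;     /* an alert was already raised for this outage */
} ka_monitor_t;

void ka_init(ka_monitor_t *m, uint32_t max_missed)
{
    m->max_missed = max_missed ? max_missed : 1;  /* at least one miss */
    m->missed = 0;
    m->awaiting = false;
    m->alerted = false;
}

/* The device returned the outstanding keep-alive: any outage is over. */
void ka_on_reply(ka_monitor_t *m)
{
    m->awaiting = false;
    m->missed = 0;
    m->alerted = false;
}

/* Timer tick: account for the previous keep-alive, then send the next one.
 * Returns true exactly once per outage, when the alert should go out. */
bool ka_on_tick(ka_monitor_t *m)
{
    bool alert = false;
    if (m->awaiting) {
        if (m->missed < UINT32_MAX)
            m->missed++;
        if (m->missed >= m->max_missed && !m->alerted) {
            m->alerted = true;
            alert = true;
        }
    }
    m->awaiting = true;   /* a new keep-alive is now outstanding */
    return alert;
}

typedef struct { size_t first_alert_tick; size_t alerts; } ka_result_t;

/* Replays a trace: returned[i] says whether the keep-alive sent on tick i+1
 * came back. Reports the 1-based tick of the first alert (0 if none) and the
 * number of alerts raised. */
ka_result_t ka_replay(const bool *returned, size_t n, uint32_t max_missed)
{
    ka_result_t r = { 0, 0 };
    ka_monitor_t m;
    ka_init(&m, max_missed);
    for (size_t i = 0; i < n; i++) {
        if (ka_on_tick(&m)) {
            if (r.alerts == 0)
                r.first_alert_tick = i + 1;
            r.alerts++;
        }
        if (returned[i])
            ka_on_reply(&m);
    }
    return r;
}

/* Constructed traces. */
const bool TRACE_UNPLUGGED[]   = { true, true, false, false, false, false };
const bool TRACE_ONE_DROP[]    = { true, false, true, true };
const bool TRACE_TWO_OUTAGES[] = { true, false, false, true, false, false };

int main(void)
{
    ka_result_t r = ka_replay(TRACE_UNPLUGGED, 6, 2);
    printf("first alert on tick %lu, %lu alert(s)\n",
           (unsigned long)r.first_alert_tick, (unsigned long)r.alerts);
    return 0;
}
```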

Furthermore, in one embodiment, the security server 401 is configured to distribute the alarm policies among many security systems 100. In other words, the security server 401 provides a means for centralized policy of a response to an alarm.

The Software

Referring to FIG. 5, a diagram of states of the security system 400 or the security system 100 is shown. A state 501 is an “IDLE” state. In this state, all alarm triggering events are ignored. This state is used to configure the software 102 according to an alarm triggering policy selected. This state is also used for normal work with the electronic device 104 when the security protection is not required.

A state 502 is an armed state before triggering by an alarm triggering event. The state 502 is denoted as “ARMED_OFF”. When the security system 100 is in this state, any alarm triggering event defined by the alarm triggering policy will trigger the security system.

A state 503 is a triggered state, which occurs after the alarm has been tripped. The state 503 is denoted as “ARMED_ON”. When the security system 100 is in this state, it performs a number of alarm actions defined by an alarm action policy, for example it activates the siren 202 to produce the alarm sound 103.

A transition 504 (“ARM”) is a transition from the IDLE state 401 to the ARMED_OFF state 502. Its purpose is to arm the security system 100. The security system 100 can be armed by a user of the electronic device 104 causing the software 102 to send a corresponding command to the security device 101, or the system can be armed automatically, for example, at a specific time of day on a specific date, or after a period of inactivity, according to an alarm setting policy. The alarm triggering, action, and setting policies are described below in a section entitled “The Security Policy”.

A transition 505 (“DISARM”) is a transition from the ARMED_OFF state 502 or ARMED_ON state 503 back to the IDLE state 401. Its purpose is to disarm the security system 100. The security system 100 can be disarmed by plugging the security device back into the electronic device 104 if it has been unplugged from, and by entering a correct password.

A transition 506 (“Alarm ON”) is a transition from the ARMED_OFF state 502 to the ARMED_ON state 503. It occurs when an alarm is triggered. Accordingly, a transition 507 (“Alarm OFF, remain armed”) is a reverse transition from the ARMED_ON state 503 back to ARMED_OFF state 502. It occurs when the alarm is deactivated, but the system 100 needs to remain armed after deactivating the alarm.

Referring now to FIG. 6, a flow chart of an exemplary security monitoring process 600 is shown. The alarm can be triggered by any one of a pre-defined set of alarm triggering events. At a step 601, the accelerometer 208 detects acceleration and provides an analog acceleration signal, and at a step 602, the A/D D/A 212 converts the analog acceleration signal into a digital form. At a step 603, the acceleration value is compared to a pre-defined threshold. If the acceleration is found exceeding the threshold at a step 610, then at a step 611, the alarm system is set to the ARMED_ON state 503 discussed above, activating the siren 202 to produce the alarm sound 103.

The control software 102 includes a number of secured processes, such as monitoring password entering attempts shown at 604, monitoring the power source (the AC power line 107 or the battery 108) of the electronic device 104, shown at 605, and monitoring the state of the connection 105 to the network 106 of the electronic device 104, shown at 606. These processes are monitored in a process 607. At a step 608, the results are communicated to the security device 101. At the step 603, data including number of allowed password entering attempts, power source type, and the network connection state are compared with corresponding pre-defined threshold data 609 defined by an alarm triggering policy. If the data are found meeting the pre-defined criteria, for example if it is determined that a pre-defined number of unsuccessful password entries attempts is exceeded, if switching from the AC power line 107 to the internal battery 108 is detected, or if disconnection from the network 106 is detected, then, at the step 611, the security device 101 is set to the ARMED_ON state 503 and the siren 202 is activated at a step 612.

At a step 613, an “ALARM_ON” signal is sent to the device driver 102A of the electronic device 104. At a step 614, the control software 102 disables the pointing device and locks the display of the electronic device 104. At a step 615, the control software 102 sets the audio output of the electronic device 104 to “high” and, at a step 616, sounds the alarm through the speakers 302 of the electronic device 104. At a step 617, optional dismounting of an encrypted data storage device of the electronic device 104 is initiated. For example, the PGP Whole Disk Encryption™, TrueCrypt™, BitLocker™, WinMagic™, or other encryption application can be used to encrypt sensitive data. At a step 618, the active running processes are locked from any user input except for a password entry. At a step 619, an authentication window is activated on the display of the electronic device 104.

After the step 613 has been performed and the electronic device 104 has received the “ALARM_ON” message, a message is sent from the electronic device 104 to the security server 401 over the network 106 (if the electronic device 104 is still connected to the network 106) to initiate the remote alert messages 411 to 415 at a step 620. Even when the electronic device 104 is disconnected from the network 106, the security server 401 is capable of detecting the disconnection on its own, by sending the keep-alive packets 402 as described above. Once the disconnection is detected, the security server 401 sends the remote alert messages 411 to 415 at the step 620.

It is to be understood that even though the step 603 of comparing the trigger data with the defined thresholds is shown as taking place at the security device 101, an embodiment where this step is performed at the electronic device 104 is also possible. Furthermore, the alarm actions may also include activation of an optional Radio-Frequency ID (RFID) source activation. If this option is to be used, the RFID source would have to be installed into the electronic device 104, which may be detrimental for some applications.

Turning now to FIG. 7, a block diagram of a disarming process 700 for disarming the security system 100 or 400, represented by the transition 505 or the transition 507 in FIG. 5, is shown. At a step 701, a user, for example the user 403, enters a password into a window shown on the display of the electronic device 104. At a step 702, the password verification is performed. If the password is found valid, the connection state of the security device 101 to the electronic device 104 is validated at a step 703. If at a step 704 the security device 101 is found connected to the electronic device 101, then at a step 705, the control software 102 determines whether the security device 101 is registered to the electronic device 104. If it is, then the disarming process 700 proceeds to a point 706, deactivating the siren 202 of the pluggable security device 101 at a step 707, and deactivating the alarm sound and unlocking the processes run in the electronic device 104 at a step 708. If the security device 101 is found not connected to the electronic device 104 at the step 704, or if the security device 101 is found not registered to the electronic device 104 at the step 705, then the security system 100 or 400 remains in the ARMED_OFF state 502 or the ARMED_ON state 503, as the case may be. This state is shown at 709.

The following Table 1 lists some of the commands and messages receivable by the control software 102 of the electronic device 104.

TABLE 1 Signal Description ARM User command to arm the system 100 DISARMUser command to disarm the system 100 ALARM OFF User command to turn thealarm off FAILED LOGIN Multiple failed authentication/login attemptsdetected AC POWER UNPLUG The AC power line 107 is disconnected NETWORKUNPLUG The network cable 105 is unplugged USB KEY UNPLUG The securitydevice 101 is unplugged INAPPROPRIATE TIME Activity outside ofappropriate time window is detected ALARM ON Message from the securitydevice 101 to turn the alarm signal ON REPORT STATUS Message from thesecurity device 101 to report current status

The following Table 2 lists some of the messages that can be sent by thecontrol software 102 from the electronic device 104 to the securitydevice 101.

TABLE 2 Signal Description ARM Message from the electronic device 104 toarm the pluggable security device 101 DISARM Message from the electronicdevice 104 to disarm the pluggable security device 101 and ignore alltrigger signals ALARM ON Message from the electronic device 104 to turnthe siren 202 of the pluggable security device 101 ON ALARM OFF Messagefrom the electronic device 104 to turn the siren 202 of the pluggablesecurity device 101 OFF CONFIG Message from the electronic device 104 toconfigure the pluggable security device 101. System must be in the IDLEmode 501 for the message to be accepted GET STATUS Message from theelectronic device 104 to gather information about the pluggable securitydevice 101. This message can be sent periodically to allow the controlsoftware 102 to monitor the presence of the pluggable security device101. It can also be used to monitor the health of the pluggable securitydevice 101

The list of alarm triggering events, the list of the alarm actions, and the particulars of arming and disarming of a security system of the present invention are defined by a security policy. The security policy is selected based on a particular security application.

The Security Policy

Referring to FIG. 8, a block diagram illustrating main components of an alarm policy 800 is shown. The alarm policy 800 has an alarm triggering policy component 801, an alarm action policy component 802, and an alarm setting policy component 803.

The alarm triggering policy component 801 is used to determine which events trip the alarm causing the transition from the ARMED_OFF state 502 to the ARMED_ON state 503. These events may include:

(a) unplugging of the pluggable security device 101 from the electronic device 104;

(b) disconnecting the electronic device 104 from the network 106:

    i. detected by the electronic device 104; and/or
    ii. detected by the security server 401;

(c) a failed authentication attempt;

(d) switching of the electronic device 104 from an external power source, such as the AC power line 107, to an internal power source, such as the battery 108; and

(e) acceleration sensed by the accelerometer 208 exceeding the acceleration threshold.

The alarm action policy component 802 is used to determine what actions must be performed by the security system 100 while in the ARMED_ON state 503. These actions may include:

(a) sounding the alarm 103 by the alarm sound source (siren 202) of the pluggable security device 101;

(b) sounding an alarm through the speakers 302 of the electronic device 104;

(c) triggering dismounting of an encrypted volume in the electronic device 104;

(d) locking the electronic device 104 from any user input other than a password entry; and

(e) sending, from the security server 401 connected through the network 106 to the electronic device 104, a message to the user 403 of the electronic device. This message can include: an email; and/or an SMS message; and/or an SMTP alert; and/or an SNMP alert; and/or a phone call.

The alarm setting policy component 803 is used to determine conditions for the security system 100 to enter the ARMED_OFF state 502. These conditions may include:

(a) time of the day;

(b) period of inactivity of the electronic device; and

(c) user activation or deactivation through a configuration interface software installed on the electronic device 104.

The alarm setting policy component 803 can also be used to determine conditions for the security system 400 to enter the IDLE state 501, that is, the conditions for disarming the system.

Preferably, the policy profiles can be stored in file format at the security server 401 and applied by an administrator of the security server 401 depending on particular security needs of the user 403.
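A policy profile file and its evaluation against incoming events might look like the sketch below. This is an added example, not code from the patent; the JSON layout, the ACCELERATION trigger name and all action names are hypothetical, the trigger names borrowed from Table 1 are written with assumed underscores, and both profiles are constructed samples.

```python
import json
from dataclasses import dataclass

# Trigger names follow Table 1 (underscores assumed); ACCELERATION and every
# action name are hypothetical labels for the events and actions listed above.
TRIGGERS = frozenset({"USB_KEY_UNPLUG", "NETWORK_UNPLUG", "FAILED_LOGIN",
                      "AC_POWER_UNPLUG", "ACCELERATION"})
ACTIONS = frozenset({"DEVICE_SIREN", "HOST_SPEAKERS", "DISMOUNT_VOLUME",
                     "LOCK_INPUT", "SERVER_MESSAGE"})


@dataclass(frozen=True)
class AlarmPolicy:
    triggers: frozenset        # alarm triggering policy component 801
    actions: tuple             # alarm action policy component 802
    accel_threshold_g: float   # threshold compared at step 603


def load_policy(text):
    """Parse a JSON policy profile and reject anything not understood."""
    raw = json.loads(text)
    triggers = frozenset(raw["triggers"])
    actions = tuple(raw["actions"])
    unknown = (triggers - TRIGGERS) | (set(actions) - ACTIONS)
    if unknown:
        # Ignoring a misspelled trigger would silently drop a protection.
        raise ValueError(f"unknown policy entries: {sorted(unknown)}")
    if not triggers or not actions:
        raise ValueError("policy must name at least one trigger and one action")
    threshold = float(raw.get("accel_threshold_g", 0.0))
    if "ACCELERATION" in triggers and threshold <= 0:
        raise ValueError("ACCELERATION trigger needs a positive threshold")
    return AlarmPolicy(triggers, actions, threshold)


def handle_event(state, event, policy, value=None):
    """Return (new_state, actions_to_run) for one event."""
    if state != "ARMED_OFF" or event not in policy.triggers:
        return state, ()   # IDLE ignores triggers; ARMED_ON is already alarming
    if event == "ACCELERATION" and (value is None or value <= policy.accel_threshold_g):
        return state, ()   # movement at or below the threshold does not trip
    return "ARMED_ON", policy.actions


# Constructed sample profiles: a fixed kiosk and a travelling laptop.
KIOSK_PROFILE = """{"triggers": ["USB_KEY_UNPLUG", "NETWORK_UNPLUG", "AC_POWER_UNPLUG"],
                    "actions": ["DEVICE_SIREN", "LOCK_INPUT", "SERVER_MESSAGE"]}"""
TRAVEL_PROFILE = """{"triggers": ["USB_KEY_UNPLUG", "ACCELERATION"],
                     "accel_threshold_g": 1.5,
                     "actions": ["DEVICE_SIREN", "DISMOUNT_VOLUME", "LOCK_INPUT"]}"""
```

The same NETWORK_UNPLUG event trips the kiosk profile and is ignored by the travel profile, which is the per-device difference the policy is meant to express.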

The alarm activations 506 in individual security systems 100 connected through the network 106 to the security server 401 can result in sounding local alarms, or they can optionally deliver alerts to remote devices or services. Just as a traditional alarm system issues an alert to a monitoring central, the security system 400 can provide the user 403 with the option of issuing an alert to the owner of the asset via SMS message or e-mail; or, where the asset is operated or owned by an enterprise, the security system 100 can issue the SMTP or the SNMP alert to the security administrator.

In the event of the ALARM_ON state 503, or the loss of a sequence of the keep-alive packets 402, the security server 401 will initiate a policy based action, where the security server 401 will issue the specified messages via the defined modes of communication to the administrator-specified addresses. The security server 401 can be implemented in either an enterprise environment or as an Internet connected service depending on the requirements and environment of the client. For example, for a consumer or home user a standalone mode is appropriate, where the user is alerted of a theft by the issuance of the siren tone 103, and the locking of the electronic device 104 from unauthorized access.
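The server-side detection of a lost sequence of keep-alive packets can be sketched as below. This is an added example, not code from the patent; the keep-alive interval, the number of missed replies that counts as a loss, the class and method names, and the device identifiers are all assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class KeepAliveMonitor:
    """Hypothetical bookkeeping for the security server 401."""
    interval_s: float = 10.0   # assumed keep-alive period
    max_missed: int = 3        # assumed length of a lost "sequence"
    last_seen: dict = field(default_factory=dict)
    alerted: set = field(default_factory=set)

    def record_reply(self, device_id, now):
        """A keep-alive reply arrived; the device is reachable again."""
        self.last_seen[device_id] = now
        self.alerted.discard(device_id)

    def record_alarm_on(self, device_id):
        """The device itself reported its alarm while still on the network."""
        if device_id in self.alerted:
            return []
        self.alerted.add(device_id)
        return [(device_id, "ALARM_ON reported")]

    def sweep(self, now):
        """Return one alert per device that has just crossed the missed-reply limit."""
        alerts = []
        for device_id, seen in self.last_seen.items():
            missed = int((now - seen) // self.interval_s)
            if missed >= self.max_missed and device_id not in self.alerted:
                # Alert once per outage so a long disconnection does not
                # flood the configured SMS, e-mail or SNMP channels.
                self.alerted.add(device_id)
                alerts.append((device_id, f"{missed} keep-alives unanswered"))
        return alerts
```

Timestamps are passed in rather than read from the clock, so the logic can be exercised deterministically.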

For an enterprise user, or for an office user, activation 506 of the alarm will result in sounding the siren tone 103, and will cause an alert to be issued to the security server 401 located at a client data center, and managed by the client. This will protect the electronic device 104 in a standalone mode when the electronic device 104 is external to the office, and as part of an enterprise security system when the electronic device 104 is connected to the client network. The enterprise service can also provide external alerts to users or administrators via the following messages or alerts:

(a) an SMS message to a user's or manager's cell phone;

(b) an SNMP network alert to the client's enterprise security monitoring and management system;

(c) an e-mail to the user or any number of managers; or

(d) a telephone call to any specified number.

For a global user, the user can opt to have their security systems 100 issue an alert to a global management server, which will responsively issue an alert via a number of communication methods to parties specified in the security policy. These actions can include:

(a) an SMS message to a user's or manager's cell phone;

(b) an SNMP network alert to the client's enterprise security monitoring and management system;

(c) an e-mail to the user or any number of managers; or

(d) a telephone call to any specified number.

Many variations and modifications of the security system 100 or 400 are possible without departing from the invention. Various connectors, processors, sirens or buzzers can be used, for example. Various types of acceleration sensors can be used, including piezo sensors or MEMS sensors. The electronic devices can include laptop computers, tablet computers, desktop computers, industrial computers, automated tellers, pay stations, digital books, and other electronic devices. It is not intended to be exhaustive or to limit the invention to the precise form disclosed. It is therefore intended that the scope of the invention be limited not by this detailed description, but rather by the claims appended hereto.

1. A security device, comprising: an enclosure; a connector for plugging the security device to an electronic device and providing a first electrical connection to the electronic device, wherein the electronic device also has a separate second electrical connection to a computer network; an alarm sound source disposed within the enclosure and being configured to produce an audible alarm sound; and a microprocessor unit (MPU) disposed within the enclosure and being configured to control the security device, wherein the MPU is configured to generate an alarm including activating the alarm sound source in response to detecting disconnection of the electronic device from the computer network.

2. The security device of claim 1, further comprising a battery disposed within the enclosure for providing electrical power to the alarm sound source and the MPU.

3. A system, comprising: a first pluggable security device configured to be plugged into a first electronic device for providing security protection for the first electronic device, wherein the first pluggable security device comprises: an enclosure; a connector for plugging the first pluggable security device to the first electronic device and providing a first electrical connection to the first electronic device; an alarm sound source disposed within the enclosure and being configured to produce an audible alarm sound; and a microprocessor unit (MPU) disposed within the enclosure and being configured to control the first pluggable security device; and a security server configured to be connected to the first electronic device through a computer network via a second electrical connection to the electronic device separate from the first electrical connection, wherein the security server is configured to store first configuration data defining a security policy for the first pluggable security device, and wherein the security server is configured to distribute the first configuration data to the first security device via the computer network and the first electronic device, and wherein the first configuration data includes at least one of: (1) data defining an alarm triggering policy for the first pluggable security device, the alarm triggering policy defining a set of events which will cause the first security device to trigger an alarm; and (2) data defining an alarm action policy for the first pluggable security device, the alarm action policy defining a set of actions to be taken in response to an alarm being triggered, wherein the first pluggable security device is configured in response to the first configuration data, and wherein the MPU is configured to generate an alarm including activating the alarm sound source, in response to detecting disconnection of the first electronic device from the computer network.

4. The system of claim 3, further comprising a second pluggable security device configured to be plugged into a second electronic device for providing security protection for the second electronic device, wherein the security server is configured to store second configuration data defining a security policy for the second pluggable security device, and wherein the security server is configured to distribute the second configuration data to the second security device via the computer network and the second electronic device, and wherein the second configuration data includes at least one of: (1) data defining an alarm triggering policy for the second pluggable security device, the alarm triggering policy defining a set of events which will cause the second security device to trigger an alarm; and (2) data defining an alarm action policy for the second pluggable security device, the alarm action policy defining a set of actions to be taken in response to an alarm being triggered, wherein the second pluggable security device is configured in response to the second configuration data, and wherein the second configuration data is different from the first configuration data.

5. The system of claim 3, wherein the first configuration data includes the data defining the alarm triggering policy for the first pluggable security device.

6. The system of claim 5, wherein the alarm triggering policy comprises triggering an alarm in response to a user definable subset of a set of alarm triggering events comprising: unplugging of the pluggable security device from the first electronic device; detecting an acceleration of the first pluggable security device that is greater than an acceleration threshold; disconnecting the electronic device from the computer network; detecting a failed authentication attempt; and switching of the first electronic device from an external power source to an internal power source.

7. The system of claim 3, wherein the first configuration data includes the data defining the alarm action policy for the first pluggable security device.

8. The system of claim 7, wherein the alarm action policy comprises a user definable subset of a set of alarm actions comprising: sounding an alarm in the first pluggable security device; sounding an alarm in the first electronic device; dismounting an encrypted data storage device in the first electronic device; locking the first electronic device; and sending, from the security server a message to a user of the first electronic device.

9. The system of claim 3, wherein the security server is further configured to periodically ping the first electronic device via the computer network, and in response to the security server not receiving a response to a ping of the first electronic device, to send a message from the security server indicating a security problem with the first electronic device.

10. The system of claim 3, wherein the first pluggable security device further comprises a battery disposed within the enclosure for providing electrical power to the alarm sound source and the MPU.

11. A method, comprising: providing a first pluggable security device configured to be plugged into a first electronic device, via a first electrical connection of the electronic device, for providing security protection for the first electronic device; providing a security server configured to be connected to the first electronic device through a computer network via a second electrical connection to the electronic device separate from the first electrical connection; storing at the security server first configuration data for the first pluggable security device defining a security policy for the first pluggable security device; communicating the first configuration data from the security server to the first electronic device via the computer network; communicating the first configuration data from the first electronic device to the first pluggable security device; configuring the first pluggable security device in response to the first configuration data; detecting a connection state between the first electronic device and the computer network; and activating an alarm sound source in the first pluggable security device in response to detecting disconnection of the first electronic device from the computer network, wherein the first configuration data includes at least one of: (1) data defining an alarm triggering policy for the first pluggable security device, the alarm triggering policy defining a set of events which will cause the first pluggable security device to trigger an alarm; and (2) data defining an alarm action policy for the first pluggable security device, the alarm action policy defining a set of actions to be taken in response to an alarm being triggered.

12. The method of claim 11, further comprising: providing a second pluggable security device configured to be plugged into a second electronic device for providing security protection for the second electronic device; storing at the security server second configuration data defining a security policy for the second pluggable security device; communicating the second configuration data from the security server to the second electronic device via the computer network; communicating the second configuration data from the second electronic device to the second pluggable security device; and configuring the second pluggable security device in response to the second configuration data, wherein the second configuration data includes at least one of: (1) data defining an alarm triggering policy for the second pluggable security device, the alarm triggering policy defining a set of events which will cause the second pluggable security device to trigger an alarm; and (2) data defining an alarm action policy for the second pluggable security device, the alarm action policy defining a set of actions to be taken in response to an alarm being triggered, and wherein the second configuration data is different from the first configuration data.

13. The method of claim 11, wherein the first configuration data includes the data defining the alarm triggering policy for the first pluggable security device.

14. The method of claim 13, wherein the alarm triggering policy comprises triggering an alarm in response to a user definable subset of a set of alarm triggering events comprising: unplugging of the first pluggable security device from the first electronic device; detecting an acceleration of the first pluggable security device that is greater than an acceleration threshold; disconnecting the first electronic device from the computer network; detecting a failed authentication attempt; and switching of the first electronic device from an external power source to an internal power source.

15. The method of claim 11, wherein the first configuration data includes the data defining the alarm action policy for the first pluggable security device.

16. The method of claim 15, wherein the alarm action policy comprises a user definable subset of a set of alarm actions comprising: sounding an alarm in the first pluggable security device; sounding an alarm in the first electronic device; dismounting an encrypted data storage device in the first electronic device; locking the first electronic device; and sending, from the security server a message to a user of the first electronic device.

17. The method of claim 11, further comprising generating a reaction to an alarm, the reaction comprising at least one of: sounding the audible alarm sound in the first pluggable security device; and sounding an audible alarm in the first electronic device.

18. The method of claim 11, further comprising: the security server periodically pinging the first electronic device via the computer network; and in response to the security server not receiving a response to a ping of the first electronic device, sending a message from the security server indicating a security problem with the first electronic device.